Azure SRE Agent now supports Log Analytics and Application Insights as log providers, backed by the Azure MCP Server. Connect your workspaces and App Insights resources, and the agent can query them directly during investigations.
Why This Matters
Log Analytics and Application Insights are common destinations for Azure operational data - container logs, application traces, dependency failures, security events. The agent could already access this data through az monitor CLI commands if you granted RBAC roles to its managed identity, and that approach still works. But it required manual RBAC setup and the agent had to shell out to CLI for every query.
With these connectors, setup is simpler and querying is faster. You pick a workspace, we handle the RBAC grants, and the agent gets native MCP-backed query tools instead of going through CLI.
What You Get
Two new connector types in Builder > Connectors (or through the onboarding flow under Logs):
- Log Analytics - connect a workspace. The agent can query ContainerLog, Syslog, AzureDiagnostics, KubeEvents, SecurityEvent, custom tables, anything in that workspace.
- Application Insights - connect an App Insights resource. The agent gets access to requests, dependencies, exceptions, traces, and custom telemetry.
You can connect multiple workspaces and App Insights resources. The agent knows which ones are available and targets the right one based on the investigation.
Setup
If you want early access, please enable: Early access to features under Settings > Basics.
Early access to features
From there you can add connectors in two ways:
Through onboarding: Click Logs in the onboarding flow, then select Log Analytics Workspace or Application Insights under Additional connectors.
Through Builder: Go to Builder > Connectors in the sidebar and add a Log Analytics or Application Insights connector.
Pick your resource from the dropdown and save. If discovery doesn't find your resource, both connector types have a manual entry fallback.
On save, we grant the agent's managed identity Log Analytics Reader and Monitoring Reader on the target resource group. If your account can't assign roles, you can grant them separately.
Backed by Azure MCP
Under the hood, this uses the Azure MCP Server with the monitor namespace. When you save your first connector, we spin up an MCP server instance automatically. The agent gets access to tools like:
- monitor_workspace_log_query - KQL against a workspace
- monitor_resource_log_query - KQL against a specific resource
- monitor_workspace_list - discover workspaces
- monitor_table_list - list tables in a workspace
Everything is read-only. The agent can query but never modify your monitoring configuration.
If different connectors use different managed identities, the system handles per-call identity routing automatically.
What It Looks Like
An alert fires on your AKS cluster. The agent starts investigating and queries your connected workspace:
ContainerLog
| where TimeGenerated > ago(30m)
| where LogEntry contains "error" or LogEntry contains "exception"
| summarize count() by ContainerID, LogEntry | top 10 by count_
KubeEvents
| where TimeGenerated > ago(1h)
| where Reason in ("BackOff", "Failed", "Unhealthy") | summarize count() by Reason, Name, Namespace
| order by count_ descThe agent also ships with built-in skills for common Log Analytics and App Insights query patterns, so it knows which tables to look at and how to structure queries for typical failure scenarios.
Things to Know
- Read-only - the agent can query data but cannot modify alerts, retention, or workspace config
- Resource discovery needs Reader - the dropdown uses Azure Resource Graph. If your resources don't show up, use the manual entry fallback
- One identity per connector - if workspaces need different managed identities, create separate connectors
Learn More
We'd love feedback. Try it out and let us know what works and what doesn't.
Azure SRE Agent is generally available. Learn more at sre.azure.com/docs.
Microsoft